Hi @kjain041523 

This error looks to relate to the Splunk_TA_paloalto app - have you customised this app in any way?

Specifically those two lookup definitions are referencing the lookup 'minemeldfeeds_lookup' which is a KVStore - do you have any issues with KV Store on your deployment? 

By default these lookup definitions and KV Store definitions are shared globally - have you changed the KV Store definition or permissions at all?

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

@kjain041523  The lookup error indicates Splunk is attempting to run automatic lookups that reference missing or misconfigured lookup files.

You can try to check the lookup definitions in Splunk Web under Settings > Lookups, confirm that the corresponding CSV files (minemeIdfeeds_src_lookup, minemeIdfeeds_dest_lookup) exist in the app’s lookups or directory. To fix the error, you may either restore the missing files or disable the lookup definitions if they are not needed. 

>>

If this post addressed your question, you can:

• Give it karma to show appreciation 👍
• Mark it as the solution if it solved your issue ✔️
• Add a comment if you’d like more details ✏️

Acknowledging helpful answers keeps the community strong and motivates contributors to continue sharing their expertise.

>>

Hi @kjain041523 ,

there's a lookup not found or not existent, probably an automatic lookup.

You shouls search it in the add-ons and check if it's present but not correctly shared or if it isn't present.

In the first case, you have to share it at Global level, in the second case, you have to create it.

Ciao.

Giuseppe